2017, Vol. 30, Issue (9): 169-.

• Paper

Research on Discrete Event System for LAN Attack

ZHANG Bingbing

  1. (Computer Room, Heilongjiang Electric Power Hospital, Harbin 150090, China)
  • Online: 2017-09-15 Published: 2017-11-03
  • About the author: ZHANG Bingbing (1983-), female, engineer. Research interest: computer networks.

Abstract:

The Address Resolution Protocol (ARP) is a stateless protocol, and any IP-MAC pairing sent by a host is accepted without verification, so it may be exploited by malicious hosts in a local area network (LAN). To address this problem, this paper proposes a discrete event system for an intrusion detection system for LAN attacks. A discrete event system model of the LAN in the normal and attack states is built on the basis of ARP packet sequences; active ARP detection is used to create different ARP events in the normal and attack states; a discrete event system detector is then constructed, which determines from the detected ARP events whether the LAN is in a normal or attacked state. The scheme proposed in this paper was successfully implemented on a test platform.

Key words: local area network attack, discrete event systems, address resolution protocol, network security

CLC Number:

  • TN915.08